Using secure cookies on local dev server (running https) not working

I need to test my application locally using https for a third party integration (unrelated to this), but I am running into an issue where my sessions are not being found after sign-in when using a local https server, using secure tokens. I tried to set the advanced useSecureCookies config to true, but that did not work. The secure cookies are being set in my browser, the sessions exist in the database, and the tokens that I am logging on the console are all lining up; however, when I use the getSession hook, it's returning null.

Debugging items I have checked:
- BETTER_AUTH_URL is being set to https://localhost:3000
- Https is working
- Tried setting useSecureCookies in the advanced config section
- Tried setting the cookiePrefix to Secure-better-auth

Example logging when logging out my session_token cookie before the getSession hook, and the response.

Logic for getting the session with set cookies:

const { getWebRequest } = await import('vinxi/http');
const request = getWebRequest();
const cookies = request?.headers.get('cookie') || '';
sessionResponse = await authClient.getSession({
  fetchOptions: { headers: { cookie: cookies } }
});

[root] beforeLoad: Fetching session from authClient.getSession
[SSR] Raw cookie header: Secure-better-auth.session_token=<valid_token>.<signature>
[SSR] Parsed session ID: <valid_token>
[SSR] Parsed signature: <signature>
[root] Session fetch result: { data: null, error: { status: 0, statusText: '' } }

2 Replies
khuong (3mo ago)
Hello, I also have an issue with Secure cookies on https. Have you solved this problem?

Tarr (2mo ago)
Hey, did either of you solve your issue? I seem to be running into the same issue.

I don't know if it was similar for you, but in my case, I was using a self-signed cert while waiting for some details to set up Let's Encrypt. This resulted in my calls to authClient.getSession failing silently and similarly to yours (result: { data: null, error: { status: 0, statusText: '' } }).

I noticed this when I made calls with Postman to the api/auth/get-session and they worked. I tested this by making some manual fetch() calls inside my authentication middleware:

await fetch(process.env.BETTER_AUTH_URL + "/api/auth/get-session", {
  method: "GET",
  headers: getHeaders() as HeadersInit,
  credentials: "include",
})
  .then(async (response) => {
    let data;
    try {
      data = await response.clone().json();
    } catch (err) {
      console.warn('No JSON body or invalid JSON:', err);
      data = null;
    }
    console.log('Response:', response);
    console.log('Response body:', data);
    return response;
  })
  .catch(error => {
    console.error('POST Error:', error);
    throw error;
  });

Which gave me these logs:
POST Error: TypeError: fetch failed
at node:internal/deps/undici/undici:15422:13
at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
at async file:///app/server/chunks/build/auth-middleware-EQUcg2X5.mjs:7:103
at async file:///app/server/chunks/nitro/nitro.mjs:5411:75
at async file:///app/server/chunks/nitro/nitro.mjs:5404:15
at async D$1 (file:///app/server/chunks/nitro/nitro.mjs:5402:79)
at async Object.M$1 [as handler] (file:///app/server/chunks/nitro/nitro.mjs:5386:10)
at async file:///app/server/chunks/nitro/nitro.mjs:1572:19
at async Object.callAsync (file:///app/server/node_modules/unctx/dist/index.mjs:72:16)
at async toNodeHandle (file:///app/server/chunks/nitro/nitro.mjs:1843:7) {
[cause]: Error: self-signed certificate; if the root CA is installed locally, try running Node.js with --use-system-ca
at TLSSocket.onConnectSecure (node:_tls_wrap:1631:34)
at TLSSocket.emit (node:events:507:28)
at TLSSocket._finishInit (node:_tls_wrap:1077:8)
at ssl.onhandshakedone (node:_tls_wrap:863:12) {
code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
}
}

I then tested by setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED = 0 and things resolved. I guess it would be nice if these errors bubbled up in better-auth (maybe they do, as my library is a couple of months out of date).
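
Added example, not part of the thread and not better-auth code: a server-side session fetch that reads the `cause` chain of a failed `fetch()` and reports certificate-trust failures explicitly, so the dev CA can be trusted (via `NODE_EXTRA_CA_CERTS` or the `--use-system-ca` flag named in the log) while verification stays on for every other outbound connection. `fetchSessionStrict`, `classifyFetchFailure`, `tlsVerificationDisabled` and the `/path/to/ca.pem` placeholder are hypothetical names chosen for this sketch.

```javascript
// Certificate-verification error codes Node reports on error.cause.code.
const TLS_TRUST_CODES = new Set([
  'DEPTH_ZERO_SELF_SIGNED_CERT', 'SELF_SIGNED_CERT_IN_CHAIN',
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
  'CERT_HAS_EXPIRED', 'ERR_TLS_CERT_ALTNAME_INVALID',
]);

// fetch() throws TypeError('fetch failed'); the real reason sits in .cause
// (possibly nested), so walk the chain instead of reading err.message.
function classifyFetchFailure(err) {
  for (let e = err, depth = 0; e && depth < 5; e = e.cause, depth++) {
    if (e.code && TLS_TRUST_CODES.has(e.code)) {
      return { kind: 'tls-trust', code: e.code, message: e.message };
    }
  }
  return { kind: 'other', code: null, message: err && err.message ? err.message : String(err) };
}

// True when certificate verification has been switched off process-wide.
function tlsVerificationDisabled(env = process.env) {
  return env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
}

// Hypothetical wrapper around the session call; fetchImpl is injectable for tests.
async function fetchSessionStrict(baseUrl, headers, fetchImpl = fetch) {
  if (tlsVerificationDisabled() && process.env.NODE_ENV === 'production') {
    throw new Error('NODE_TLS_REJECT_UNAUTHORIZED=0 must not be set in production');
  }
  try {
    const res = await fetchImpl(baseUrl + '/api/auth/get-session', { method: 'GET', headers });
    return res.ok ? await res.json() : null;
  } catch (err) {
    const info = classifyFetchFailure(err);
    if (info.kind === 'tls-trust') {
      throw new Error(
        `Session lookup failed TLS verification (${info.code}). Trust the dev CA ` +
        'via NODE_EXTRA_CA_CERTS=/path/to/ca.pem or --use-system-ca.', { cause: err });
    }
    throw err;
  }
}

// Constructed error shaped like the one in the log above.
const sampleError = new TypeError('fetch failed', {
  cause: Object.assign(new Error('self-signed certificate'), { code: 'DEPTH_ZERO_SELF_SIGNED_CERT' }),
});
```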
